The Evince Blog
A blog about issues affecting Internet investigations and ethics compliance programs

Richer Images

May 25th, 2009 . by Chris Pierre

In 2007 Jeff Parks told me about a technology he came across called Microsoft Photosynth which takes multiple images and combines them, analyzes them and then presents them in a sort of a panoramic mashup that allows the viewer to get very granular into the details of an image and to view an image from multiple angles.

A great presentation of the technology is on this video from the 2007 TED conference where the Notre Dame Cathedral is brought to life from a variety of images on Flickr.

I thought the technology looked really impressive, but I wasn’t sure it would fit into Evince’s frame of interest all that much. My thoughts were that it would take a pretty long time for one person to snap all of the photos that would be required to create a very rich “point in time” mashup relevant for information gathering purposes. Furthermore the idea of gathering multiple images from multiple sources sounded interesting at first until I started to think about how I would go about sourcing which image contained the relevant fact I was interested in; or alternatively always asking myself if something was created from the multiple-source-mashup that either confused the material or created something that wasn’t really there.

That all changed recently. I was watching The BBC’s technology program Click which described a new product called the GigaPan Epic.

The product is essentially a mount for a digital camera (from my understanding it is not camera specific but please feel free to correct me on that point) which robotically snaps a photo and then rotates fractions of an inch then snaps another photo, and so on. The result is that you end up taking hundreds of photos in a very short time and depending on the zoom setting on the camera the resulting images can be very detailed. According to the article the images are then combined using a program on the user’s computer.

To see the amount of detail that these images produce I encourage you to check out some of the projects posted on the Gigapan.org website.

Richard Taylor states in the article that the technology is “entering the realm of affordable consumer tech.” “Affordable” is always a relative term but to give you an idea, at the time of writing this post the entry level model of the Epic Gigapan retails for US$375 on the Gigapan System’s website. That price, plus the fact that it appears relatively easy to use, means that there is a much higher likelihood that this product will achieve serious consumer adoption.

There are obvious commercial and hobby uses for this technology, but what does it mean for investigations and security? It doesn’t take long to start imagining the possibilities from uses in threat risk assessments, to surveillance or Internet research. At that price I expect to see both the product and the resulting projects start to appear in this kind of work.


Walmart is Granted Leave to Issue a Subpoena for Employee Profiles on Facebook, Myspace & Meetup.com Relating to an Employee Lawsuit

May 20th, 2009 . by Chris Pierre

According to a post on Internet Cases, courts in Colorado allowed Walmart to issue a subpoena to Facebook, Myspace and Meetup.com for the profiles of several employees that were suing the retailing behemoth.

The case had to do with the employees who were injured on the job. They sued Walmart, their employer, and Walmart sought the employees’ profiles on the various social networking sites. The employees tried to claim doctor/client privilege and loss of consortium but the court denied that motion and allowed Walmart to issue the subpoenas.

In reading author Evan Brown’s commentary, I was reminded of the Murphy v Perger decision here in Canada.


How Social Media Can Be Used During a Crisis

May 12th, 2009 . by Chris Pierre

There is a great article in the April 2009 edition of Canadian Security Magazine on the use of Social Media for real time intelligence gathering during crisis situations. The article features commentary by Jeannette Sutton and Leysia Palen of University of Colorado Natural Hazards Center.

Are these tools the complete solution to crisis management? Probably not, but having multiple sources providing information on a given incident can only lead to better decision making in real time. Furthermore, although the article doesn’t address this, having multiple witness accounts of a given incident can help with post crisis investigation as well.


The Book Review: Protecting Games – The Security Handbook for Game Developers and Publishers by Steven Davis

May 9th, 2009 . by Chris Pierre

I have recently completed reading Steven Davis’ book “Protecting Games.” In short I would recommend it to anyone interested in security and investigation aspects of multi-player digital games or games involving the Internet, regardless of the genre they are involved in. I really enjoyed the book and have already found it a useful resource for my work.

With that in mind there are a few things I think prospective readers should know about the book in advance:

1) It is aimed at the business of games. In fact a particularly appropriate quote from the book to summarize this is on page 243: “…game companies are not governments; their goal is to maximize revenues and keep their customers satisfied not mete out “justice””.

The thrust of the book is about platform owners protecting their investments. Outside of the fairly obvious issues of the protection of children and compliance with laws, the book does not really take a moral or ethical stance on piracy, privacy, griefing, ownership of intellectual property, etc. but it addresses these issues as concerns of an ongoing business interested in sustainability and growth.

2) It is broad. The book covers a lot of ground from general security; piracy, gold farming/frauding; payment systems; gambling; how to deal with law enforcement, etc.

The potential criticism of this approach is that it could end up being too broad for some readers’ interests if they are looking for very specific information. I would not describe that as a fault of the book; it would be impossible to cover every detail of every subject in one text.

For example, the first three sections of the book describe various security issues such as cheating, piracy and hacking, as well as listing some of the methods that platform owners have tried in the past to mitigate these issues. The book describes many, many of these solutions, but does so in general terms to recognize that 1) each platform may have different, specific design requirements; and 2) there are commercial software security solutions that are well understood in the industry and therefore do not require additional explanation in the book. There are references to how code might be structured, but beware if you’re looking for long sections of detailed programming code, because they won’t be found here.

The same can be said about the other legal and process related domains covered in the book.

People who are subject matter experts may find that the book is light in their particular areas of expertise; but that is okay. It is detailed enough that they will benefit from seeing how their area of expertise intersects with others. Furthermore, it is always useful to learn from activities in other, closely related industries or genres.

3) It is well researched. On page 362 Davis issues a slight taunt at the reader “I’ve included hundreds of footnotes in this book to lend credence to my argument that game security is an important issue (how many have you checked, by the way?)”

I haven’t checked the number of footnotes in the book but there are a lot. For example Chapter 29 cites 37 different sources in the footnotes. There is also a 7 page index of “selected game security incidents” that is worth reviewing. Finally, the book includes a few formulae that are useful for business cases, such as calculating the net potential loss due to piracy for example.

For security or law enforcement professionals who require content for their presentations and business cases these examples will be very useful.

The inclusion of Marcus Eikenberry’s commentary is also great for context. I especially liked the story about the Russian carders selling game codes.

Finally Joseph Price was very helpful for providing insight into the law (from a U.S. perspective) that may arise with respect to game security, piracy, the protection of children, etc. I’m sure that in the future versions of this book, Price could write full chapters on comparing jurisdictional approaches to these issues.

I was happy to see that Davis addresses the issues of privacy, identity and anonymity in the book. Throughout the text he identifies several ways that the actions of players within the game might be tied to them, but he does concede that the threat of litigation or fines from government authorities for improperly securing players’ personal information can be very financially damaging to game operators. It may be beneficial to collect this information but platforms have to be very wary of how it is collected, disclosed, retained, protected, etc.

I was also in agreement with his point that at the moment, virtual worlds and MMORPGs are more likely to be used by, or targeted by criminals rather than terrorists for any number of types of bad behavior from money laundering to piracy. He makes some compelling arguments about this in the later chapters of his book which echo those of Bruce Schneier.

Finally the constant theme in the book is that security must be considered at the outset of game design, rather than as an afterthought when production is near completion. He identifies a few pretty practical ways of organizing development teams to make sure that happens.

I am happy to recommend this book as a good general resource for professionals in the game industry as well as those with an interest in the field such as researchers and members of government agencies.

I’m also interested in reading what other people have to say; please either post here or write something on your own site and send me a link.